fix: [UIE-9174] - Restricted user with read-write billing access, unable to access billing#12861
Conversation
|
Should we apply the same fix to Account Settings? Screen.Recording.2025-09-11.at.10.04.08.AM.mov |
|
This does seem to fix the issues. The only "issue" I'm seeing is that, for a restricted user without account access, Cloud Manager will continue to make requests to
|
|
@bnussman-akamai thanks - it's a decent step forward - I wonder if we can granular check to run the query based on the grant/permission |
|
Yeah, That's what I was thinking too. We could pretty easily do that with grants but all of the IAM helpers are in Maybe something like this? export const useAccount = () => {
const { data: profile } = useProfile();
const { data: grants } = useGrants(profile !== undefined && profile.restricted);
const { data: roles } = useUserRoles(profile?.username, profile !== undefined);
return useQuery<Account, APIError[]>({
...accountQueries.account,
...queryPresets.oneTimeFetch,
...queryPresets.noRetry,
enabled:
(profile !== undefined && !profile.restricted) ||
(grants !== undefined && grants.global.account_access !== null) ||
(roles !== undefined && roles?.account_access.includes('account_viewer'))
});
}; |
Cloud Manager UI test results🎉 746 passing tests on test run #6 ↗︎
|
bnussman-akamai
changed the base branch from
develop
to
hotfix/release-v1.150.1
jdamore-linode
requested review from
cliu-akamai,
dwiley-akamai and
mjac0bs
and removed request for
a team
bnussman-akamai
force-pushed
the
UIE-9174
branch
from
137dd8b to
f43676c
Compare
mjac0bs
changed the title
jdamore-linode
left a comment
jdamore-linode
left a comment
There was a problem hiding this comment.
Thanks @abailly-akamai and @bnussman-akamai!
Confirmed the fix for restricted users with billing access; I'll do a more thorough dive of the app during release testing.
mjac0bs
left a comment
mjac0bs
left a comment
There was a problem hiding this comment.
Confirmed restricted billing access user no longer sees the errors on the account pages.
Thanks Banks for the changelog update.
mjac0bs
added
Bug
cpathipa
merged commit 6fdf11f
into
linode:hotfix/release-v1.150.1
7 participants
Description 📝
A (non-IAM) restricted user with read and write permissions for billing are seeing a "There was an error retrieving your account data" when trying to view the billing page
/billing. The data loads properly after refreshing the page. However returns after logging out and back in.It appears that the issue stems from a race condition with an early /profile and /account check out of sync with the new IAM permission model.
The current fix addresses this particular problem, and in addition strengthens the account fetching patterns for restricted users.
Changes 🔄
Scope 🚢
Upon production release, changes in this PR will be visible to:
Target release date 🗓️
9/23/2025 (should this be a hotfix?)
How to test 🧪
Reproduction steps
With a legacy (non-IAM) restricted users with
read_onlyorread_writebilling permissionsVerification steps
With a legacy (non-IAM) restricted users with
read_onlyorread_writebilling permissionsAuthor Checklists
As an Author, to speed up the review process, I considered 🤔
👀 Doing a self review
❔ Our contribution guidelines
🤏 Splitting feature into small PRs
➕ Adding a changeset
🧪 Providing/improving test coverage
🔐 Removing all sensitive information from the code and PR description
🚩 Using a feature flag to protect the release
👣 Providing comprehensive reproduction steps
📑 Providing or updating our documentation
🕛 Scheduling a pair reviewing session
📱 Providing mobile support
♿ Providing accessibility support
As an Author, before moving this PR from Draft to Open, I confirmed ✅